Check: CSCO-NC-000190
Cisco ISE NAC STIG:
CSCO-NC-000190
(in versions v1 r2 through v1 r1)
Title
The Cisco ISE must off-load log records onto a different system. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).
Check Content
Navigate to Administration >> System >> Backup and Restore. Ensure that operational data backups are scheduled. If operational backups are not scheduled, this is a finding.
Fix Text
From the Web Admin portal: 1. Navigate to Administration >> System >> Backup and Restore. 2. Select the "Schedule" option next to Operational Data Backup. 3. Configure operational data backup at a desired frequency.
Additional Identifiers
Rule ID: SV-242593r714089_rule
Vulnerability ID: V-242593
Group Title: SRG-NET-000334-NAC-001350
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) |
Transfer To Alternate Storage |